Vulnerability

    listmanager

Affected

    listmanager

Description

    The following is based on FreeBSD Security Advisory FreeBSD-SA-00:50.
    The listmanager port, versions prior to 2.105.1, contained several
    locally exploitable buffer overflow vulnerabilities which could be used
    to gain root privileges. Since the source code to listmanager is not
    available, it is difficult to determine whether there are remaining
    security vulnerabilities, or whether the software was previously
    exploitable remotely, but we believe the author has made a good faith
    effort to improve the security of the code.

    Unprivileged users can obtain root privileges on the local system. If
    you have not chosen to install the listmanager port/package, then your
    system is not vulnerable to this problem.

Solution

    Deinstall the listmanager port/package, if you have installed it.

    Solution is one of the following:

    1) Upgrade your entire ports collection and rebuild the listmanager
       port.

    2) Deinstall the old package and install a new package dated after the
       correction date, obtained from:

       ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/mail/listmanager-2.105.1.tgz
       ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/mail/listmanager-2.105.1.tgz
       ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/mail/listmanager-2.105.1.tgz
       ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/mail/listmanager-2.105.1.tgz
       ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/mail/listmanager-2.105.1.tgz

    3) Download a new port skeleton for the listmanager port from:

       http://www.freebsd.org/ports/

       and use it to rebuild the port.
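
Added example (not part of the advisory): a shell check that classifies an
installed listmanager package against the fixed version 2.105.1 named above.
The function names are hypothetical, and the input is assumed to be installed
package names, one per line, in the name-version form seen in the package file
names listed in the Solution.

```sh
#!/bin/sh
# Fixed version, taken from the advisory text.
FIXED_VERSION="2.105.1"

# version_lt A B: succeed if dotted numeric version A is lower than B.
# Components are compared as numbers, so 2.99 < 2.105.1 (a plain string
# comparison gets this wrong), and a missing component counts as 0,
# so 2.105 < 2.105.1.
version_lt() {
    va=$1
    vb=$2
    while [ -n "$va" ] || [ -n "$vb" ]; do
        ca=${va%%.*}
        cb=${vb%%.*}
        case $va in *.*) va=${va#*.} ;; *) va= ;; esac
        case $vb in *.*) vb=${vb#*.} ;; *) vb= ;; esac
        if [ "${ca:-0}" -lt "${cb:-0}" ]; then return 0; fi
        if [ "${ca:-0}" -gt "${cb:-0}" ]; then return 1; fi
    done
    return 1    # versions are equal
}

# listmanager_status: read package names on stdin and print one of
#   not-installed | vulnerable | fixed | unknown
# "unknown" means a listmanager entry whose version could not be parsed;
# treat it as needing manual review rather than as safe.
listmanager_status() {
    result=not-installed
    while IFS= read -r pkg; do
        case $pkg in
            listmanager-*) ver=${pkg#listmanager-} ;;
            *) continue ;;
        esac
        case $ver in
            ''|*[!0-9.]*|.*|*.|*..*) result=unknown; continue ;;
        esac
        if version_lt "$ver" "$FIXED_VERSION"; then
            result=vulnerable
            break
        fi
        if [ "$result" = not-installed ]; then result=fixed; fi
    done
    echo "$result"
}
```

Feed the function the list of installed package names on standard input; any
result other than "fixed" or "not-installed" calls for the Solution steps above.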